hege at hege
Jun 2, 2008, 5:20 AM
Post #25 of 27
On Mon, Jun 02, 2008 at 03:14:08PM +0300, Henrik K wrote:
> On Mon, Jun 02, 2008 at 01:28:21PM +0200, Matus UHLAR - fantomas wrote:
> > On 30.05.08 15:37, Larry Ludwig wrote:
> > > IMHO regex setups are even more reliable; we do this with our postfix setup.
> > >
> > > For example:
> > > /^c-.+-.+-.+-.+\..+\..+\.comcast\.net$/ REJECT
> > > dynamic ip address use isp for outgoing email - access.regex
> > >
> > > I think it is more reliable than just by name or especially by IP since IP
> > > allocations do change.
> > looking at 20_dynrdns.cf we see that there are MANY forms of marking
> > dynamically allocated space. The score of RDNS_DYNAMIC dropped in the past
> > (there were FPs reported iirc) and now it's mostly used in conjunction with
> > other rules.
> > If your regexps are THAT efficient, share them with us please.
> 20_dynrdns is lame and no one is really updating it. It doesn't even strip
> domains, resulting in hosts like smtp.dynamic1.com to match. It's pretty
> cumbersome to use the meta headers too. It needs some revamping to be more
> That's why there are plugins like Botnet and my BadRelay (which handles
> domains properly). My tool is pretty outdated too, I haven't updated it
> since I started blocking and greylisting suspicious hosts directly at MTA.
> Not much passes through.
> For a really big regexp list, have a look at .
>  http://sa.hege.li/
>  http://www.linuxmagic.com/opensource/anti_spam/dynamic_regex/
Just a few more hints. If you are scared to block anything directly,
greylist everything suspicious with a long delay. And using the same dynamic
regexp lists to match HELO is even more foolproof.
Also check some more generic regexps from my examples:
(access_helo_dynamic, greylist_*, whitelist_client)
DNSBL operators will thank you for using such lists before any queries.
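
The domain-stripping problem and the greylist-on-rDNS-or-HELO idea discussed in this thread, as an added example that is not part of the original post and is not code from 20_dynrdns.cf, Botnet or BadRelay. Only the comcast.net pattern comes from the thread; the generic keyword pattern, the "last two labels" domain split and all hostnames are constructed assumptions.

```python
import re

# Pattern quoted in the thread (Postfix access.regex entry), matched on the full name.
COMCAST_DYNAMIC = re.compile(r"^c-.+-.+-.+-.+\..+\..+\.comcast\.net$", re.I)

# Constructed, deliberately small keyword pattern (assumption, not a real rule set).
GENERIC_DYNAMIC = re.compile(
    r"(?:^|[.-])(?:dyn|dynamic|dhcp|dsl|pool|ppp)\d*(?:[.-]|$)", re.I
)


def split_host(name):
    """Split a hostname into (host part, domain).

    Assumption: the registered domain is the last two labels. A production
    setup would use the Public Suffix List to handle names like example.co.uk.
    """
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def looks_dynamic(name, strip_domain=True):
    """Return True if a reverse DNS name or HELO string looks dynamically assigned."""
    name = name.rstrip(".").lower()
    if COMCAST_DYNAMIC.match(name):
        return True
    host, _domain = split_host(name)
    # Without stripping, keywords inside the domain itself cause false hits,
    # e.g. a mail server of a company whose domain is dynamic1.com.
    target = host if strip_domain else name
    return bool(target) and bool(GENERIC_DYNAMIC.search(target))


def decide(client_rdns, helo):
    """Greylist instead of rejecting when either rDNS or HELO looks dynamic."""
    if looks_dynamic(client_rdns) or looks_dynamic(helo):
        return "greylist"
    return "accept"


if __name__ == "__main__":
    # Constructed sample (rDNS, HELO) pairs.
    for rdns, helo in [
        ("c-24-1-2-3.hsd1.ca.comcast.net", "localhost"),
        ("smtp.dynamic1.com", "smtp.dynamic1.com"),
        ("mail.example.org", "dhcp-10-20.pool.example.net"),
    ]:
        print(rdns, helo, decide(rdns, helo))
```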